Home Network / Lab

 My Current Setup

I feel like this is an obligatory post on personal tech blogs. Home labs are what you make of them. I do not believe we all need to have a full rack or do I believe we even need physical hardware depending on what you're interested in. Personally, I don't need a rack or even a quarter rack. While the equipment can be found somewhat cheap, its generally loud and power hungry and I don't have a proper space to keep it cool in the summer months. I admit everything I have is outdated for an enthusiast but it more or less gets the job done for my purposes.Most of the hardware except the wifi stuff was free from my last employer.  


Ive broken up the diagram with various colors but don't pay too much attention to them. Its mainly to separate physical spaces, not networks (but those are still in VLANs)

Starting with the top we have a basic Internet connection. Standard in my area is 100Mbps sadly unless I want to double my bill for 200Mbps. This feeds my OPNSense firewall. From there it goes into a Netgear managed gigabit switch which is the core of my network.This recently replaced a 24 Port HP ProCurve rack mount switch. I have Proxmox box Ive been playing around with attached to that. I'm still debating on running OPNSense on this but I need more time to test and figure things out. 

Moving down and to the left I have my room which has a Cisco poe fast ethernet switch (has dual gig uplink ports though) which my PC and AP are attached to. The switch also allows me to play with other PCs/hardware without running additional cables from the spare room. 

To the right of that we have my roommates area. Which is basically an AP stationed close to their room but also provides coverage in the living room and kitchen. All their devices are wireless and are on their own VLAN. 

The green area is part of the reason I don't want to move out. I'm lucky enough to rent a house that has a large walk in shed with power in the back yard. I could have easily added another AP in the spare room and in theory got enough coverage to have coverage out there, but that wouldn't be nearly as fun. I purchased a pair of Ubiquiti Nanobeams and ran a cable out of the house where the coax for the modem entered. The shed is somewhat rigged together so it was easy enough to find another small hole to run the cable out of. In there I have the another Cisco switch (same model as the one in my room). This feeds 2 APs, one solely for 5GHz and the other is a high gain model for 2.4GHz. The latter is finicky and works about half the time. Im going to remove it in favor of some Unifi Mesh APs to fine tune the coverage with 5GHz. Lastly this also gives connection my PC out there which is not only for looking up manuals but also runs the Unifi controller. 

With this setup I can almost seamlessly roam across all areas of the property while using VoWifi. I bet I could get the side yards to work better by turning up the power a little but Im a fan of small cells and would rather practice proper placement with low power. It has also never given me an issue with speed unless I was on the side of the house. Even then, I could watch YouTube fine but the VoWifi would fail back to Cellular on occasion.  

The network is fully segmented as well. I have a VLAN and SSID for my stuff and the same for my roommate. My gear is also in its own VLAN and has firewall rules only allowing my shed PC to access the internet and my PC being the only thing outside of that network to access the infrastructure. There is always room for improvement but this feels like a good starting point. 

Lastly, Ill leave a list of the hardware used. Most of it was free so don't expect the best.  

  • OPNSense running on a Dell Optiplex with a Core i7, 16GBs RAM, 128GB SSD, Intel Dual Gig NIC (Free)

  • Proxmox on the same hardware as above (Free)

  • Unifi Controller/Ubuntu running on a Dell Optiplex SFF with an i7, 8GBs of RAM and a 128GB SSD (Free)

  • 2x Cisco 2960-C PoE Fast Ethernet Switches (Free)

  • 1x Netgear PROSafe 8 Port Gigabit Smart Switch

  • 3x Ubiquiti AP AC Lites

  • 1x Ubiquiti AP LR

  • 2x Ubiquiti Nanonbeam's



Comments

Post a Comment

Leave a comment...

Popular posts from this blog

Capturing Roaming Events

Image
Finally! I scored a newer laptop to put Kali Linux on along with Windows to do some more wifi shenanigans. Before I was using a WLANPi on my desktop, which limited my mobility of course. Now I can follow devices and get closer to some of my other APs. Yes I know you can also use Pi as a remote capture device but that still didnt help with looking into roaming events. Now its been a few years since Ive used Kali and I was amazed at how polished its become. I think I used Backtrack about a decade ago to try and 'hack' my wifi with a WPA cracking tool. Needless to say that didnt launch my security career but it was quite interesting. There are plenty of tutorials on how to set you capture device in monitor mode so I wont go into that here. If you are curious here is the Airmon-ng website. Please note only certain chipsets are supported in Kali for this. Atheros cards seem to be the defacto standard for monitor mode support but I had a Comfast CF912 and TPLink Archer T9UH adapter ...
Read more

IoT and Smart Home Devices: Part 1

Image
  Source: https://www.sparkfun.com/products/17146                 This is going to be a multi part post going over a little IoT smart plug I picked up on clearance at Walmart. I'll make it clear I'm generally very skeptical about these types of devices so much that I don’t even want my roommates Alexa on the same network as mine. However with these things being so prolific it is best to understand them so we can better protect our networks. Ill start with a little background of the device, how I acquired it, and my research on the brand. I will then do my best to uncover any (hopefully) FCC filings and their documentation. From there we will explore a bit of the theory on how the majority of these cheaper devices connect to our networks. Lastly Ill do my best to capture packets during the join process but we will see how that goes with my limited setup.  I was looking to purchase a new Roku and since Walmart was the closest st...
Read more

Frame Exploration: Authentication Frames

Image
Authentication Frames in 802.11 are not about verifying the identity of clients or forming a secure connection. These frames are used to ensure each radio is actually a valid .11 device that can communicate on the network. It has been described similarly to plugging a network cable into the wall or switch.  Please note this is only valid for networks using WPA or WPA2. WPA3 introduces SAE (Simultaneous Authentication of Equals) and uses a 4 message exchange for authentication. We will be looking at Open System Authentication frames here.  In the above we have the two frame exchange between the client device and the AP. Each message is the essentially the same and contains a Sequence Number and Status Code to tell whether or not authentication was successful.  As with all other frames we can look at the FCF to verify what type of message it is too. And that's all there really is to it. If each radio can authenticate with one another they can proceed to the Association stag...
Read more